On Fri, 17 May 2002, Brian Credeur wrote:

> Hi,
>
> I have a LEAF Bering 1.0-rc1 system (Shorewall 1.2.8) and have 5 static
> external IP addresses to use. One IP is the primary of the firewall, I
> am using proxy arp for three of the IP's (DMZ network servers), and
> static NAT for the last IP (internal network system). This is a similar
> setup to the newer example network in the Shorewall documentation.
>
> Everything seems to work just fine, with one exception. After a long
> period of idleness I find that I cannot connect to external and DMZ
> hosts from the statically NAT'd system, though it can connect to
> internal network hosts just fine. All other connections work as
> configured (DMZ<->internal, internal (masq'd) <->Internet, ...), so
> appears to be an issue specific to the static NAT.
>
> When the problem occurs I cannot make any TCP connections to the
> Internet, for example, from the static NAT'd PC. Also, if I ping an
> Internet host from it, the packets are dropped by the firewall:
> Shorewall:rfc1918:DROP:IN=eth0 OUT=eth0 SRC=<static_nat_host>
> DST=<non-internal_network_host> ...
>

Do you have both sides of your firewall connected to the same hub or
switch?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
